Browse Prior Art Database

PROCESSOR RECOVERY FROM CORRUPTED BOOT CODE

IP.com Disclosure Number: IPCOM000009009D
Original Publication Date: 1999-Jan-01
Included in the Prior Art Database: 2002-Jul-31
Document File: 5 page(s) / 176K

Publishing Venue

Motorola

Related People

Simon Crago: AUTHOR

Abstract

A common feature of many microprocessor (and digital signal processor) systems is an area of non- volatile memory that holds the boot code for the processor. Sometimes this boot code needs to be overwritten (e.g. for updating to a more recent ver- sion). However if the boot code becomes corrupted due to some undesirable event during the update process (e.g. a reset or loss of power), the next time the processor tries to reboot it will try to execute the corrupted boot code and will probably fail. The sys- tem may then be useless until the corrupted boot code can be corrected - this often means physically removing the board fro+, the system and reprogram- ming the boot code by an alternative method. This is particularly bad news if the system is in a remote location where immediate access is not possible.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 44% of the total text.

Page 1 of 5

0 M

MOloRoLA Technical Developments

PROCESSOR RECOVERY ~ FROM CORRUPTED BOOT CODE

by Simon Crago

BACKGROUND

  A common feature of many microprocessor (and digital signal processor) systems is an area of non- volatile memory that holds the boot code for the processor. Sometimes this boot code needs to be overwritten (e.g. for updating to a more recent ver- sion). However if the boot code becomes corrupted due to some undesirable event during the update process (e.g. a reset or loss of power), the next time the processor tries to reboot it will try to execute the corrupted boot code and will probably fail. The sys- tem may then be useless until the corrupted boot code can be corrected - this often means physically

removing the board fro+, the system and reprogram- ming the boot code by an alternative method. This is particularly bad news if the system is in a remote location where immediate access is not possible.

PROBLEM

  The boot memory bf a conventional micro- processor based system is shown in Figure 1. The address and control outputs of the processor are decoded to produce the address and control signals for the non-volatile memm-y. This memory contains the boot code which is read (from a tixed address) by the processor following a reset.

Non-Volatile.

A&lres Memory lkccd?

Fig. 1 Conventional Microprocessor Circuit with Boot Code in No&Volatile Memory

e tdotorol?. Inc. ,999 186 January 1999

[This page contains 14 pictures or other non-text objects]

Page 2 of 5

MOTOROLA Technical Developments

Usually the boot code is programmed into the non- volatile memory during board manufacture or board test. However, it may be necessary to change the boot code while the board is in the field. The 'nor- mal' method for upgrading boot code is to download the information into RAM on the board, ensure that the processor is not executing code from the area of memory to be upgraded, then copy the new boot code from RAM to non-volatile memory. Since cur- rent non-volatile memory technologies (e.g. Flash EPROM) often make it necessary to eras e large

areas of memory before the contents of even a sin- gle location can be changed, the entire boot code in non-volatile memory may need to be erased before the version can be copied in. This means that if the system is forced to reset (e.g. due to power disrup- tion or a transient error) while the erase or copy process is being performed, there will be no valid boot code, the microprocessor will fail to boot-up correctly and will exhibit indeterminate behavior (usually causing a system crash). (See Figure 2)

ProcessorReset

Fig. 2 Normal Processor Boot Sequence

  An alternative mechanism must therefore be SOLUTION found that will detect that the processor has failed to
boot, will remap the address decode to make the This article describes a watchdog circuit based alternative boot code visible to the microprocessor solution to perform these actions. The modified and will then reset the microprocessor to force a...